769ecf4583f8293d51951d4fbac9ae1f1e54cef1e0993722f3bc64892494737a | Triage

Sharing

General

Target

769ecf4583f8293d51951d4fbac9ae1f1e54cef1e0993722f3bc64892494737a
Size

66KB
Sample

240820-nvgfzstejp
MD5

4558d1929b88f8faacd2316d326dd3ec
SHA1

24ae71aa9a46a21ab7f263649f7ca6bd355ffc42
SHA256

769ecf4583f8293d51951d4fbac9ae1f1e54cef1e0993722f3bc64892494737a
SHA512

68ede3a953802d8885e1e4143cf51ed96a217569097efe937ffa19c79a79918261f2b8a49ad51c7b8af8659b0d6524fcbcdce9781004fcc5f042b864fb5505a2
SSDEEP

1536:/d+eky9Mx9dNEjDBp29jQRNIUuG/1TsKJswDVndUEL5DEL:/d1vO+Bp21QrIUx/1MwddUEREL

Score

8^/10

discovery execution persistence

Malware Config

Targets

- Target
  
  BL_Awb_Shipping_Invoice_doc_001900720242247820020031808174CN20003190072024.vbs
- Size
  
  140KB
- MD5
  
  58d33bad4955326610f6c2c6d5e06c12
- SHA1
  
  87984bcb2dc81a3bfcbdc8b21053547eaa4cb1ad
- SHA256
  
  d48c32bf817ba6547c83ce46e3d49e1ff8665275f5e4e8362b6303b46dd2e315
- SHA512
  
  8c7addc6600fd431cb952b517760e3ad71d6ef887b550d8ff22518de80cedfbc4872a5d93b5bd350b464a45de0e53450a6137a3992576688aad3788132ed367f
- SSDEEP
  
  3072:vjGO63YDSdYB51Gy/ABuIWHwxoH0sHXaHb0bIkNTEx29OjmUUe:rGO63WSdYB51Gy/quNHwaHdHqHb0bIkO
Score

8^/10

discovery execution persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecutionpersistence

behavioral2

discoveryexecutionpersistence